MXToolbox vs the other free scanners: which to use
MXToolbox is the best free tool for email and DNS questions, but not for certificates, headers or malware. Match the tool to the question — here’s how.
Free scanners are specialists — each answers one question well and goes silent on the rest. Match the tool to the question:
- MXToolbox — the right tool for email DNS (MX, SPF, DKIM, DMARC) and mail blocklist checks; it reads the records that decide whether your email reaches the inbox.
- SSL Labs and the header graders — SSL Labs covers your HTTPS certificate and encryption; securityheaders.com and Mozilla Observatory grade your HTTP security headers, often disagreeing by a grade.
- Sucuri SiteCheck and PageSpeed — Sucuri answers “is my site hacked?” by scanning for malware and known vulnerabilities; PageSpeed Insights measures speed, not security.
- The shared gap — none of them correlate findings across slices, and none track drift over time, so a clean result today says nothing about next month.
The mistake is reaching for the wrong tool, then trusting one clean grade as a verdict on the whole site.
MXToolbox is the best free tool for email and DNS questions — your MX records, SPF, DKIM, DMARC and whether your mail server has landed on a blocklist — but it is not the tool for certificates, security headers or malware. The trick almost nobody gets right is matching the tool to the question. Run the wrong scanner and you will either get a clean result that means nothing or a scary result about the wrong thing entirely.
What MXToolbox is best at
MXToolbox lives in the part of your infrastructure that decides whether your email arrives. Point it at your domain and it reads the public DNS records that mail servers consult before they accept a message from you: your MX records (which servers receive your mail), your SPF record (which servers are allowed to send as you), your DKIM keys (the cryptographic signature on each message), and your DMARC policy (what receivers should do when SPF or DKIM fails). These four records are the difference between landing in the inbox and landing in spam, and they are invisible from your own outbox — you only see them with a tool that reads them from the outside, the way Gmail and Microsoft 365 do.
The SPF lookup is the one most worth running. SPF has a hard limit of 10 DNS lookups, and a record that quietly exceeds it fails silently — your mail keeps sending, deliverability just erodes over months. MXToolbox counts the lookups and tells you. If the result confuses you, what an MXToolbox SPF result means walks through reading it line by line.
The other half of MXToolbox's job is blocklists. It checks your sending IP and domain against dozens of the public blocklists that mail providers use to filter spam — Spamhaus, SpamCop and the rest. Being listed is the single most common reason a small business's email suddenly stops arriving, and it is usually not your fault: a neighbour on shared hosting got compromised, or an old marketing tool sent on your behalf. The reason MXToolbox is the right tool here is that it queries those same lists in real time, from the outside, in one pass — checking them by hand would mean visiting each blocklist's site one at a time. What an email blocklist is explains how listings happen and how to request removal. If you have set up brand logos in inboxes, MXToolbox also reads the record behind that — see what BIMI is.
For all of this — email DNS and blocklists — MXToolbox is the right answer and the free tier is generous. The mistake is reaching for it when your question is actually about something else.
What the other free scanners do
SSL Labs is the tool for your HTTPS certificate and the encryption behind it. Qualys SSL Labs grades your site's TLS configuration from A+ down to F, catching expired certificates, weak protocol versions and bad cipher choices. It says nothing about email or headers — it is purely about the padlock and what is behind it. What an SSL Labs grade means covers how to read the report.
securityheaders.com and Mozilla Observatory both grade the HTTP security headers your server sends with each page — Content-Security-Policy, Strict-Transport-Security, X-Frame-Options and the rest. These headers tell a browser how to defend your visitors against common web attacks. securityheaders.com is the fast, single-purpose checker; Observatory is broader and slightly stricter. The two often disagree by a grade because they weight the same headers differently, which is normal. What securityheaders.com is and what a Mozilla Observatory grade means explain each one and why their grades diverge.
Sucuri SiteCheck answers a different question again: is this site actually compromised right now? It scans for known malware, checks whether the site appears on Google's and other vendors' blocklists, and flags outdated software with published vulnerabilities. It is the closest thing on this list to a "is my website hacked" button. What Sucuri SiteCheck is covers what it catches and what it misses.
Google PageSpeed Insights measures how fast your pages load and how stable they feel while loading. It is a performance tool, not a security tool — useful for conversion and search ranking, but it tells you nothing about whether your email is configured correctly or your certificate is valid. People reach for it expecting a security verdict and get a speed report instead. It belongs on this list only because it is the free tool people most often confuse for one of the others.
A pattern runs through all five: each is a specialist that answers one question well and goes silent on everything else. That is a strength — a single-purpose tool is easy to read and hard to misinterpret on its own terms — right up until you treat its clean result as a verdict on your whole site.
Which tool for which question
The fastest way to stop wasting time is to start from the question, not the tool:
- "Is my email landing in spam / am I blocklisted?" → MXToolbox.
- "Are my SPF, DKIM and DMARC records correct?" → MXToolbox.
- "Is my HTTPS certificate valid and my encryption strong?" → SSL Labs.
- "Are my web security headers set up?" → securityheaders.com or Mozilla Observatory.
- "Is my website hacked or serving malware?" → Sucuri SiteCheck.
- "Why is my site slow?" → Google PageSpeed Insights.
The common failure is running SSL Labs and feeling secure, or running MXToolbox and assuming a clean email result means the whole site is fine. Each tool sees one slice. A clean grade from one says nothing about the slices the other five cover. Free website security scanners explained lays out the full set and what each one can and cannot see.
The shared limitation
Here is what none of these tools do, and it is the same gap in every one of them: they do not correlate findings, and they do not track drift over time.
Each scanner hands you a verdict about one slice in isolation. MXToolbox does not know your certificate expires in 9 days. SSL Labs does not know your SPF record broke last week. Sucuri does not know your DMARC policy is set to none, which is why the phishing email that triggered the malware got delivered in the first place. The findings that matter most for a small business are usually the ones that connect — a missing DMARC policy plus a lookalike domain, a wildcard certificate plus an exposed subdomain — and no single free tool joins those dots for you.
The time problem is worse, because security posture decays quietly. A clean MXToolbox result today says nothing about next month, when a developer adds a new email tool to your SPF record and pushes it past the 10-lookup limit, or your certificate slides toward expiry, or a record gets edited during a website migration and nobody re-checks it. These tools are snapshots. They have no memory. You would have to remember to re-run all five, on a schedule, and then hold the six separate reports in your head to notice that anything moved — which is exactly the work nobody has time for.
When this isn't enough
For a one-off question, the free tools are the right call, and you should use them. MXToolbox for email and blocklists, SSL Labs for certificates, securityheaders.com or Observatory for headers, Sucuri for malware, PageSpeed for speed — that is a complete free toolkit, and matching the tool to the question gets you most of the way there.
The gap opens when you need the picture rather than the snapshot: every finding in one place, correlated, with a record of what changed since last month. That is the job Red Bridge Cyber does — one scan that reads your email DNS, certificate, headers and the rest together, scores them against the Australian small business baseline, and watches for drift so a broken SPF record or an expiring certificate surfaces before your customers notice. Until then, keep the six tools bookmarked and reach for the right one.